Maresware Software Is Free. Download each file as needed
About Maresware
Maresware was originally developed for analysis of very large mainframe data files during the 1990s. That's
ancient history for millennials.
It was then ported to the PC for forensic analysis. Being written as clean 'C' code makes it very fast and efficient.
Just find a file and download it. Some are encrypted, which means you need to call for the password.
All Maresware is command line driven, so brush up on your typing skills.
However, for those who know how to type, you may find many of the programs very useful.
Also: check out the alpha indexes at the bottom of each page.
If you find any broken links, or other problems (except spelling errors), let me know at: dan@dmares.com
One Liners describing each
Short summary of the files
Those items indicated without a link or "special request" require an email or phone call
to acquire. Only because I haven't yet uploaded the binary.
MOST POPULAR FORENSIC PROCESSING
Compare Perform field comparison on "FIXED, Mainframe compatible data", two files which are sorted on same field. Co-worker of hash.exe output.
Diskcat A command line (scriptable) program producing a forensically sound file cataloging/listing process. (see list_it article below).
HASH A program to calculate various MD5, SHA of files. Plus a lot more. Produces forensically sound results. (See forensic hashing article below.)
Hashcmp Compares two files created with hash.exe to see which hashes match FileA to FileB
Hashdup Finds duplicate hash values in the output produced by hash.exe
MD5 Program to calculate the MD5 and SHA of files. Similar to hash.exe. Various output formats are possible.
Upcopy A forensically sound copy program. Certifiable for those wishing to take the time. See the forensic file copying article below.
RM and RMD: A program to remove and overwrite files.
COMPLETE LIST OF SOFTWARE
SAMPLE DATA FILES TO TEST YOUR SOFTWARE ON
SAMPLE BATCH FILES
ARTICLES FOR YOUR ENJOYMENT
These articles discuss the forensic needs and usefulness of programs that were tested to evaluate their forensic and evidentiary results.
The articles discuss various processes (i.e., file listing, hashing, copying, zipping of evidence), and comparisons with as many as 40 comparable programs to test against some standard NTFS
data sets to see which ones pass or fail the forensic evidentiary tests. You will be surprised.
Inventory/Catalog files Creating an inventory of evidentiary files for evidence purposes, and
report production.
Forensic file copying Article tests over 40 "forensic" programs which claim to be
true evidentiary file copiers. HA HA.
Forensic Hashing Article tests over 30
"forensic" hash programs which are recommended as forensically sound. (I have a bridge in Brooklyn for sale).
ZIP-IT for forensic retention Article tests a few zipping programs which might be used to store evidentiary
data for posterity. Do they really store all the evidence?
ZIP_IT_TAKE2 More
tests for your zipping capabilities.
MATCH FILE HASHES Demonstrates hash matches using Maresware. Processes to find or eliminate
non-essential evidentiary files.
A HASH software buffet How to use the various Maresware hash software. Contains some sample
batch file links.
SAMPLE DATA FILES FOR EXPERIMENTATION
These sample files and the software groups below all relate to the above-mentioned articles.
Some of them are encrypted, so if you wish to use them, contact me for the passwords: dan@dmares.com
_50_FILES.exe Contains approx. 50 test files for catalog testing. (encrypted, call for password)
_BATCHES.exe Contains various batch files to be used with the demo files.
_DEMO_FILES.exe Contains about 1000 sample files used in the MARESWARE software test lecture. (encrypted, call for password)
_CATALOG_EVIDENCE.exe Suite of sample data files for use in testing some of your software. (encrypted, call for password).
_POWERPOINTS.exe Powerpoint lecture files. (encrypted, call for password)
_PRETEST.exe The pretest for the software test lecture.
In doing the research and software testing for the articles above, I downloaded various shareware, public domain, and other free software which I used in testing articles (above).
If you are interested in obtaining some of the software without having to search the internet for such software, you may wish to download those groups listed below.
Most of the software I used (except some which may be specifically licensed to me) in the testing articles above is included in those packages below.
You may wish to test your forensic capability using some of the above test data files provided and follow the processes outlined in the articles.
Download the test data above so your tests will have a similar environment that I used in my tests. Then compare your results with mine found in the articles.
Sizes shown are the sizes of the compressed executables. Obviously, they expand much larger.
_SOFTWARE_BIG.exe Large collection (about 1G) of software for you to put thru the tests. (encrypted, call for password)
_SOFTWARE_MIN.exe Minimal number (about 800 Meg) of software for you to put thru the tests. (encrypted, call for password)
_SOFTWARE_CATALOG.exe Collection (about 100 Meg) of file/cataloging/listing software to test. (encrypted, call for password)
_SOFTWARE_COPY.exe Collection (about 350 Meg) of forensic file copy software to test. (encrypted, call for password)
_SOFTWARE_HASH.exe Collection (about 460 Meg) of forensic file hashing software to test. (encrypted, call for password)
SAMPLE SCRIPTS AND BATCH FILES TO SHOW THE POWER OF THE SOFTWARE
bates_no demo A zip file containing about 10 files for you to rename using the bates_no.exe program.
collate_demo.zip Sample files to learn about the collate program.
compare_demo.zip Sample files to test the compare.exe program. Compare your hash outputs against NSRL known.
datevonv_tests.zip Contains sample files with various date formats to test your date conversion software.
eml_proc_demo.zip Contains a few sample .eml files to test the eml_proc.exe program.
hash_demo.zip Zip file containing: 32 bit .exe, with sample files and a sample batch run.
hash_dup_demo.zip Contains a few sample hash file outputs to test the hash_dup.exe program.
hashcmp_demo.zip Contains a few sample hash file outputs to test the hashcmp.exe program.
LongFileName_FILES.7z.zip Sample long filename > 255 files to test your cataloging software on an NTFS file system.
md5_examples.zip A few sample files to check your md5 program calculations.
samples.zip About 8 files with sample keywords for various searching needs of meta-data.
test_icac.zip A crude script to catalog and then extract possible ICAC related files based on filename
searches.
verticle_demo.zip Some sample data files with wide records that can be converted to multi-line records for reports.
x-ways_meta.zip Various (old) x-ways meta-data report outputs, with help on how to convert to a reasonable format for reports.
script to convert the x-ways copylog.html
NSRL_0-3.zip NSRL hashes from 0-3hhhhhhhhh values.
NSRL_4-7.zip NSRL hashes from 4-7hhhhhhhhh values.
NSRL_8-B.zip NSRL hashes from 8-Bhhhhhhhhh values.
NSRL_C-F.zip NSRL hashes from C-Fhhhhhhhhh values.
NSRL_DEMO.zip Large file: NSRL search examples using above data.
32BIT SOFTWARE VERSIONS =======================================
Bolded explanation lines are probably the most popular for forensic, evidence and data analysis uses.
add_recl.exe reformat (variable length) carriage return delimited records. Add_recl manual
bates_no.exe will "rename" a file to add a bates number to the filename. Useful in uniquely identifying like named evidence files. bates_no manual
bsearch.exe Performs "binary" search of sorted field of "FIXED" length records. bsearch manual
csv2pipe Converts a csv delimited file to pipe | delimited. csv2pipe manual
chsize.exe Change/resize a file. delete characters, or add hex00's to increase size. chsize manual
collate.exe Collate two "FIXED, Mainframe compatible data", files on the sorted field. collate manual
compare.exe Perform field comparison (i.e., hash value) on "FIXED length files", two files which are sorted on same field. Compare your hash run with NSRL known. compare manual
copy_ads.exe Copy or extract the Alternate Data Stream file to a "normal" file which can be processed with usual software. copy_ads manual
crckit.exe Calculate the CRC of a file. Has many formatting output options. crckit manual
dateconv.exe Converts many binary dates to human readable. Can take text file inputs for bulk conversions. dateconv manual
dater.exe A simple calendar display. And much more. dater manual
day_dif.exe Calculates difference between two date fields in a record. daydif manual
decimal2ip.exe Converts decimal: 3139666412, Hex: BB2381EC to IP-Decimal:187.35.129.236 with delimiters. decimal2ip manual
declasfy.exe Wipes files and/or drives with user specific data, or random values. May work under 32bit OSs.
dirv.exe Take the output of DIR command such as DIR /S /V or DIR /S /TA (NT) and create single line records merging the path and filename on the same line.
diskcat.exe A command line (scriptable) file cataloging/listing program. diskcat manual
diskcat64.exe A 64 bit scaled down diskcat, command line (scriptable) file cataloging/listing program. diskcat manual
e_to_a.exe Converts ebcdic to ascii file. e_to_a manual
eml_process.exe Program to process .eml files and find/pull out ALL header information to a delimited (Excel compatible) file. eml_process manual
eventlog.exe Processes eventlog files from WIN9x and before. event_log manual
Fasthash Calculates file hashes with different format output than hash.
filbreak.exe A program to pick specified fields from a "FIXED, Mainframe compatible data" file. filbreak manual
filsplit.exe A program to split a large file to smaller pieces, for testing and other purposes. filsplit manual
findrecl.exe A program to find the record length of "FIXED, Mainframe compatible data". findrecl manual
hash.exe Calculate various MD5, SHA of files. Plus a lot more. hash manual
hash_dup.exe Finds files with duplicate hash values in the output produced by hash.exe. hash_dup manual
hash_lines.exe Hashes each line of a text file and adds value to beginning of each item. hash_lines manual
hash64.exe 64 bit hash. less verbose options than the 32 bit version. hash manual
hashcmp.exe Compares two files created with hash.exe to see which hashes match FileA to FileB. hashcmp manual
hashcmpv.exe Compares two variable length files created with hash.exe to see which hashes match FileA to FileB. hashcmpv manual
hexdump.exe Hex display of a file. hexdump manual
hk_hash.exe Alternate hash output of files. hk_hash manual
ispgp.exe Check a file to see if it is a pgp encrypted file. ispgp manual
kiting.exe A file which will take "FIXED, Mainframe compatible data", that has two date fields, and show the difference in dates. kiting manual
Lfn_Crc Calculates the CRC of the 8.3 name of long filenames. lfn_crc manual
makedir.exe Creates multiple level directories in one command. makedir one\two\three\etc. makedir manual
mak_html.exe Takes filenames (in a tree, like diskcat), and creates a linkable html document to the files. mak_html manual
md5.exe Calculate the MD5 and SHA of files. Similar to hash.exe, but various output formats are possible. md5 manual
mdir.exe Program to display a directory listing. Better than explorer. mdir manual
mkdtemp32.exe Create generic sized sample files within X number of subdirectories. For testing purposes. mktemp manual
modify.exe Program to change file attributes. (modify file.ext +rhs, etc). modify manual
mouse.exe Display text files on screen one page at a time. mouse manual
nist_crc.exe Nist_crc compiled from (slightly modified) source code obtained from the NIST/NSRL web site to calculate various values. nist_crc manual
no_html.exe Remove most or all html coding from a file. Makes it easier to read and include in a report as text. no_html manual
ntimage.exe Create bit image of a drive. ntimage manual
ntwipe.exe Wipe a drive. Various data options. ntwipe manual
pipefix.exe Takes pipe delimited (|) files and makes them fixed length records for processing by the mainframe programs. pipefix manual
pipelen.exe Takes a delimited file and tells you how many fields, and max length of each field. pipelen manual
recycled_i.exe Parse the $I files extracted via a forensic software package. Special request. recycled_i manual
rmd.exe Removes and overwrites files. rmd.exe renamed to rm.exe merely removes files. rm, rmd manual
rot13.exe Convert ROT13 file to ascii readable. rot13 manual
sample.exe Generate file of sample data to be used by other testing programs. sample manual
seadate.exe Decode the Seagate disk manufacture date. seadate manual
search.exe Perform searches on a field(s) in fixed length records. search manual
sha_verify.exe Performs various SHA calculations of files. sha_verify manual
split.exe Splits off X records from fixed length files. split manual
ssn_valid.exe Confirms that an SSN is valid, and attempts to provide state of issuance (before SSA changed the rules). ssn_valid manual
Strip.exe Replace unprintables with blanks, else they are dropped completely. Other options. strip manual
strsrch.exe Search files for unlimited number of text strings. strsrch manual
total.exe Totals or "counts" values in fields/columns in fixed length records. total manual
touchme.exe Maresware alternative to touch program. Quite programmable. touch manual
u_to_a.exe Converts unicode file to ascii. (removes all the hex 0x00). u_to_a manual
unique.exe Removes records with duplicate sorted keys. unique manual
upcopy.exe A forensically sound copy program. upcopy manual
upcopy64.exe 64 bit limited option version of upcopy.exe. upcopy manual
url_srch.exe Search files for email addresses, URLS, IP, SSNs, Credit card numbers and more. excellent to use on eml files. url_srch manual
verticle.exe Turn delimited records into multi line output for report inclusion. verticle manual
vss.exe Simple Mount of volume shadow copies. vss manual
random.exe Generate random numbers for sampling or other purposes. random manual
Sortchek.exe Confirms the sort of a fixed length file on the sorted field. sortchek manual
truetime.exe Obtains current time from user to input into reports. truetime manual
x-ways_meta.exe Reformats the x-ways meta data fields to human readable. x-way meta-data processing
X-Ways_Report_Process.exe Program(s) to clean up the x-ways metadata field from the export file/report function. x-way meta-data processing
16BIT =====================================
Most of this software will only run under a 16 bit OS and not run with modern versions.
Ch Is modeled after the *ix setcdpath command which allows for more efficient changing of directories from the command line. ch manual
Chek_env 16 bit: will check the environment for the existence of a variable, and confirm the value set for the variable. chek_env manual
collate.exe collate.exe 16 bit version. Collate two sorted files on the sorted field.
compare.exe compare.exe 16 bit version. Compare two sorted files on the sorted field.
crckit.exe 16 bit version. Calculate 32 bit CRC of file.
Dateconv Converts a long decimal date to the conventional format for writing a date, i.e., 00-00-0000. dateconv manual
dater.exe Get the 16bit version. Prints current date and time in YYYYMMDD or other formats for inclusion into reports.
dater.exe Prints current date and time in YYYYMMDD or other formats for inclusion into reports. dater manual
disk_crc GET the 16 bit version. Performs 32bit CRC of a physical drive.
diskcat.exe GET the 16 bit version. Creates a full file listing catalog of drive or folders.
diskimag.exe GET the 16 bit version. Creates a full bit image of a drive.
filsplit Split off (extract) a number of records from a fixed length file. filsplit manual
hash.exe Get the 16 bit version. Calculate file hash.
hex_sect.exe Get the 16 bit version. Hex display of disk sectors.
hexdump1.exe Get the 16 bit version. Hex display of a file.
hexedit.exe Get the 16 bit version. Edit a file at the hex level.
ispgp.exe Check a file to see if it is a pgp encrypted file. ispgp manual
lfn_crc.exe Calculates the CRC of the 8.3 name of long filenames. lfn_crc manual
md5.exe Get the 16 bit version. Calculate the 128bit MD5 of files.
mdir.exe Get the 16 bit version. Forensic DIR clone.
modify.exe Adjust, change the attributes of a file. (ie: modify filename.exe +rh) modify manual
ss.exe 16 bit program to search raw sectors.